Google to publish data on malware, phishing scams

Google on Tuesday said it will begin to regularly publish Internet security data on malware and phishing scams that infect computers and steal consumer information.

The effort is intended to shed light on the sheer volume of viruses that infect Internet users’ computers and on where they originate, and to help keep sites that host them accountable.

Malware, or malicious software, can retrieve sensitive, private information. Viruses and email phishing scams can hobble businesses and are among the top tools used for identity theft, security experts say.

The weekly reports will include the number of malware and phishing sites Google detects as its search-engine crawlers scan the Web. The company said it typically finds about 10,000 such sites a day.

To show the global scale of the problem, Google said it will provide maps of where the viruses are created. The data will be included in Google’s Transparency Report, in which the company also discloses government and law enforcement requests for user data.

Google, Yahoo, Facebook, Microsoft and Apple have offered more data about government requests for information in recent weeks. They are under intense scrutiny of their alleged participation in the PRISM government surveillance of consumer Internet data.

“This is about making the Internet a safer environment,” said Niels Provos, an engineer at Google. The company already sends notifications to webmasters and warns consumers against visiting affected sites in its search results and through its Chrome browser.

The reports, Provos said, are intended to encourage sites that host viruses to respond quickly and clean them up. They will include the number of days it takes for a site that hosts malware to eradicate the infected software.

“Safety doesn’t happen in a vacuum. It’s almost like they are playing a game with us and trying to figure out a way around protections offered by users,” Provos said. “Our game is to be one step ahead of the adversaries.”